The term ”data controller” has been defined in the General Data Protection Regulation (GDPR). The GDPR, at its most basic, specifies how personal data should be lawfully processed and sets a number of legal requirements that fall on data controllers.
The data controller means any person or legal entity involved in determining the purpose and ways of processing the personal data.
Under the GDPR, the term ”data processor” means any person or legal entity involved in processing personal data on behalf of the controller.
💡 Example: an internet company collects user data via their website and stores it using a 3rd party cloud service. In this scenario, the internet company is the controller and the cloud service company is the processor.
In simple terms, the processor handles personal data on behalf of the controller and not for their own purposes.
👉 Learn more about the guidelines for the relationship between data controllers and processors in our quick guide about GDPR Article 28.
đź’ˇ You must include the identifying details of the controller in your privacy policy.
If the Owner is specifically a legal entity, it is absolutely necessary to indicate the personal details, together with the residence or registered office, as well as with the contact details. For example:
iubenda srl – Via Torino, 2 – 20123 Milan (Italy)
info@iubenda.com
See the data controller field of iubenda’s Privacy and Cookie Policy Generator below:
If the controller is a natural person, for example, a freelancer, and the relevant legislation does not provide specific indications in this regard, the data controller must, in any case, provide all the data necessary for unequivocal identification.
It is for this reason we suggest that individuals disclose personal details, residence and contact details.
Except for specific situations provided for by the relevant legislation, it is only possible to avoid stating information such as residence, provided that the requirement of unequivocal identification is met in another indisputable and valid way.
Drafting a privacy policy is complicated! It has to include a big amount of information for being legally compliant and valid. Check this out: